Analysis
-
max time kernel
132s -
max time network
141s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
06-11-2020 00:39
General
-
Target
62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe
-
Size
251KB
-
MD5
0fb415a9b04d06cf59a8738cee9f6c87
-
SHA1
73a86e9e484fa098ec5179c7a6b9707ae5a3aec7
-
SHA256
62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f
-
SHA512
2a2e05e078924dd26a86c184075aca1cfe1ef80bf29d67ed70b58193f7fe226256a886140d39eb679bc9bc438263fc3e696264fc9ecd2e835af62c6fdb769262
Score
10/10
Malware Config
Signatures
-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of AdjustPrivilegeToken 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe"C:\Users\Admin\AppData\Local\Temp\62b269e510f4cc13916da987fed1a08b4e1d48487984b5b273b327c0f9cd225f.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx